In Nov ’13 I reported a Cross-site Scripting vulnerability to the Yahoo Bug Bounty Program. As for my other reports, I’ve got no response or feedback, so I wrote a message to them via email this time and so on … blah blah :)

To cut a long story short, for all my reports the communication with Yahoo was really bad and of course: No bounty!